TRENDING:

Healthcare , Incident & Breach Response , Industry Specific

Why Healthcare Needs to Beef Up Incident Response Plans

Van Steel of LBMC Information Security on Responding to IT Outages Marianne Kolbasuk McGee (HealthInfoSec) • December 26, 2022     11 Minutes   
Why Healthcare Needs to Beef Up Incident Response Plans
Van Steel, partner, LBMC Information Security

Effective testing of incident response plans continues to be a major weakness for many healthcare sector entities, especially those facing ransomware and other disruptive incidents, says Van Steel, a partner at consultancy LBMC Information Security.

"A well-defined continuity or incident response plan starts with the security team interviewing the business and practitioners about what is critical to conducting their jobs. What I see is that that communication is broken down in some cases," he says in an interview with Information Security Media Group.

Entities often don't fully understand what the ramifications are of an incident on a particular application, platform or technology in use, Steel says.

"That criticality discussion … saying that this machine needs to be running 24 hours a day, seven days a week and cannot go down for an extensive period of time or patient care is at risk - that's not happening enough," he says.

According to Steel, entities are not "digging into" and conducting test plans for incident response involving the critical applications and systems in their environments. "It does surprise organizations that they simply cannot care for patients during an outage because they are so dependent on this medical device, or scope, or something like that that runs on the network."

In the interview (see audio link below photo), Steel also discusses:

  • Recognized security practices that federal regulators say they will consider before making a HIPAA enforcement determination against a covered entity or business associate;
  • Security challenges involving medical devices and other internet of things gear;
  • Emerging cybersecurity issues facing healthcare sector entities in the new year.

Steel is an LBMC shareholder in the risk and information security practice. He has over 20 years of experience in information security, IT audit, and consulting services across many industries, but his primary focus has been in healthcare. During his 14 years at consulting firm KPMG, Steel worked directly with the Department of Health and Human Services Office for Civil Rights in interpreting HIPAA security and privacy law requirements, developing audit protocols and conducting performance audits against the program.

Previous
Advancing Standards-Based, Secure Health Data Exchange
Next
How to Reduce Clinician Friction in a Zero Trust Approach



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.